Jeg kæmper på livet løs mod denne virus/orm...
AGOBOT.EZ ligger her: C:WINDOWSSystem32WinMgnt.exe i følge virusscanner..
Jeg har virklig seriøs brug for hjælp. Min virusscanner Pc-cillin 2002 "updatret" finder dem, men er ikke i stand til at komme af med den. Har også haft Sasser worm, men tror ikke den er helt væk endnu. Men her er hijackthis log:
Logfile of HijackThis v1.97.7
Scan saved at 09:27:14, on 30-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammerSygateSPFsmc.exe
C:WINDOWSExplorer.EXE
C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:ProgrammerMessengermsmsgs.exe
C:WINDOWSSystem32ctfmon.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32WinMgnt.exe
C:ProgrammerTrend MicroPC-cillin 2002PCCPFW.exe
C:ProgrammerInternet Exploreriexplore.exe
C:Documents and SettingsPitzblackDokumenterDownloadDriverVirus stuffhjt.exe
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 64.91.255.87
www.dcsresearch.com[...]
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdreg.exe
O4 - HKLM..Run: [CTStartup] C:ProgrammerCreativeSplash ScreenCTEaxSpl.EXE /run
O4 - HKLM..Run: [Jet Detection] C:ProgrammerCreativeSBAudigyPROGRAMADGJDet.exe
O4 - HKLM..Run: [pccguide.exe] "C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe"
O4 - HKLM..Run: [PCCClient.exe] "C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe"
O4 - HKLM..Run: [Pop3trap.exe] "C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe"
O4 - HKLM..Run: [Win Loader1] XzyVxMSJKR
O4 - HKLM..Run: [SmcService] C:PROGRA~1SygateSPFsmc.exe -startgui
O4 - HKLM..RunServices: [Win Loader1] XzyVxMSJKR
O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU..Run: [MSMSGS] "C:ProgrammerMessengermsmsgs.exe" /background
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com[...]
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:contentincludeXPPatchInstaller.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net[...]
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:ContentincludemsSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com[...]
--
Epox 8RDA+ [] AMD Athlon XP2700+ [] 1024 MB Samsung DDR PC3200 [] MSI GeForce4 Ti4400 [] IBM DeskStar 120GXP 40GB [] Samsung SyncMaster 950p 19" Skærm [] MS Home Edition